<?php
require_once ('config.php');
require_once ('databasefunctions.php');
require_once ('displayfunctions.php');
require_once ('businessfunctions.php');
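validate_user();
html_header();

/*
 * staffmaster.php - staff (user) master maintenance.
 *
 * Dispatches on the request's "action":
 *   add_form / add        create a staff record                 (controller only)
 *   modify_form / modify  edit a record; a non-controller may change only the
 *                         date style, language and password of his own record
 *   delete                remove a record that has no billtransaction rows
 *                         (controller only)
 *   count / browse        paged listing                         (controller only)
 *   (default)             search form
 *
 * Every query on this page is built by string concatenation for sql_execute(),
 * so each request value is passed through staffmaster_sql() at the point it is
 * interpolated, and everything echoed back into the page goes through
 * staffmaster_html().  Enumerated fields (grade, company, access level, date
 * style, language, enable flag) are additionally checked against the values
 * the page's own <select> elements offer, because a request does not have to
 * come from that form.
 *
 * NOTE(review): add / modify / delete change state without a CSRF token, and
 * delete is a plain GET link from the browse list.  A per-session token
 * checked on those three actions is the fix; issuing it needs the login page,
 * which is outside this file.
 */

// ---------------------------------------------------------------------------
// Local helpers.  Guarded with function_exists() so a helper of the same name
// elsewhere, or a double include, cannot cause a fatal redeclare.
// ---------------------------------------------------------------------------
if (! function_exists('staffmaster_sql')) {
	/**
	 * Escape a request value for use inside a single-quoted SQL string literal.
	 *
	 * Legacy magic_quotes input is un-escaped first so a value is never escaped
	 * twice.  mysql_real_escape_string() needs an open link; before the first
	 * sql_execute() of the request there may be none, in which case it warns
	 * and returns false (hence the suppression) and addslashes() is used instead.
	 *
	 * @param mixed $value raw request value
	 * @return string      text that is safe between '...' in a query
	 */
	function staffmaster_sql($value)
	{
		$value = (string) $value;
		if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
			$value = stripslashes($value);
		}
		if (function_exists('mysql_real_escape_string')) {
			$escaped = @mysql_real_escape_string($value);
			if ($escaped !== false) {
				return $escaped;
			}
		}
		return addslashes($value);
	}
}

if (! function_exists('staffmaster_html')) {
	/**
	 * Escape a value for output as HTML text or inside a quoted attribute.
	 * ENT_QUOTES because this page quotes attribute values with single quotes.
	 *
	 * @param mixed $value
	 * @return string
	 */
	function staffmaster_html($value)
	{
		return htmlspecialchars((string) $value, ENT_QUOTES);
	}
}

if (! function_exists('staffmaster_in_list')) {
	/**
	 * True when $value equals $rows[*][$key] for some row (string comparison).
	 * Used to confirm a submitted grade / company / language is one the page's
	 * own <select> would have offered.
	 *
	 * @param mixed  $value
	 * @param array  $rows  rows as returned by get_*_list()
	 * @param string $key   column to compare
	 * @return bool
	 */
	function staffmaster_in_list($value, $rows, $key)
	{
		foreach ((array) $rows as $row) {
			if (isset($row[$key]) && (string) $row[$key] === (string) $value) {
				return true;
			}
		}
		return false;
	}
}

if (! function_exists('staffmaster_validate')) {
	/**
	 * Read the named profile columns from $in and check each enumerated one
	 * against the set of values the form offers.  Free-text columns (StaffName)
	 * are accepted as is; they are escaped at the SQL boundary instead.
	 *
	 * @param array    $in     merged request values
	 * @param string[] $fields column names to read
	 * @return array   list($values, $errors): column => value, and a list of
	 *                 human-readable problems (empty when everything is valid)
	 */
	function staffmaster_validate($in, $fields)
	{
		$values = array();
		$errors = array();
		foreach ($fields as $field) {
			$value = isset($in[$field]) ? (string) $in[$field] : '';
			switch ($field) {
				case 'StaffGrade':
					$ok = staffmaster_in_list($value, get_charge_list('H'), 'ChargeID');
					break;
				case 'CompanyID':
					$ok = staffmaster_in_list($value, get_company_list(), 'CompanyID');
					break;
				case 'LanguageID':
					$ok = staffmaster_in_list($value, get_language_list(), 'LanguageID');
					break;
				case 'AccessLevel':
					$ok = in_array($value, array('1', '2', '3'), true);
					break;
				case 'DateStyle':
					$ok = in_array($value, array('DDMMYYYY', 'MMDDYYYY', 'YYYYMMDD'), true);
					break;
				case 'Enable':
					$ok = in_array($value, array('0', '1'), true);
					break;
				default:
					$ok = true;
			}
			if (! $ok) {
				// No translated string exists for this; it is only reached when
				// the form has been tampered with, so plain English will do.
				$errors[] = 'Invalid value for ' . $field;
			}
			$values[$field] = $value;
		}
		return array($values, $errors);
	}
}

// POST + GET so the add/modify forms can POST (keeping passwords out of URLs,
// server logs and Referer headers) while the links from the browse list stay
// GET.  POST wins when both carry the same key.
$request = $_POST + $_GET;
$action = isset($request['action']) ? (string) $request['action'] : '';

// AccessLevel 1 is the "timesheet controller", who may manage every record;
// everyone else may only touch his own profile.
$is_controller = isset($_SESSION['AccessLevel']) && $_SESSION['AccessLevel'] == 1;

// Labels for the three access levels, keyed by the stored value.
$level_labels = array('1' => $langaccessall, '2' => $langaccessmanager, '3' => $langaccessnormal);

switch ($action) {
	case "add_form" :
		title_bar($langstaffmaster);

		// Only a controller may create staff records.
		if (! $is_controller) {
			break;
		}

		?>
		<br><?php echo $langoperation . " - " . $langadd ?><br>
		<form method = "POST" action="staffmaster.php">
		<table>
			<tr>
				<td bgcolor='<?php echo $color1 ?>'><?php echo $langstaffid ?>
				<td><input type = 'text' name = 'StaffID' maxlength = '10'>
			<tr>
				<td bgcolor='<?php echo $color1 ?>'><?php echo $langstaffname ?>
				<td><input type = 'text' name = 'StaffName' maxlength = '50'>
			<tr>
				<td bgcolor='<?php echo $color1 ?>'><?php echo $langstaffgrade ?>
				<td><select name = 'StaffGrade'>
						<?php
						foreach ((array) get_charge_list('H') as $grade) {
							$id = staffmaster_html($grade['ChargeID']);
							echo "<option value='" . $id . "'>" . $id;
						}
						?>
					</select>
			<tr>
				<td bgcolor='<?php echo $color1 ?>'><?php echo $langcompany ?>
				<td><select name = 'CompanyID'>
						<?php
						// New record: nothing is pre-selected.
						foreach ((array) get_company_list() as $company) {
							$id = staffmaster_html($company['CompanyID']);
							echo "<option value='" . $id . "'>" . $id . " - "
								. staffmaster_html($company['CompanyName']);
						}
						?>
					</select>
			<tr>
				<td bgcolor='<?php echo $color1 ?>'><?php echo $langaccesslevel ?>
				<td><select name = 'AccessLevel'>
						<option value = '1'><?php echo $langaccessall ?>
						<option value = '2'><?php echo $langaccessmanager ?>
						<option value = '3' selected><?php echo $langaccessnormal ?>
					</select>
			<tr>
				<td bgcolor='<?php echo $color1 ?>'><?php echo $langdatestyle ?>
				<td><select name = 'DateStyle'>
						<option value = 'DDMMYYYY'>DDMMYYYY
						<option value = 'MMDDYYYY'>MMDDYYYY
						<option value = 'YYYYMMDD'>YYYYMMDD
					</select>

			<tr>
				<td bgcolor='<?php echo $color1 ?>'><?php echo $langlanguageid ?>
				<td><select name = 'LanguageID'>
						<?php
						foreach ((array) get_language_list() as $language) {
							$id = staffmaster_html($language['LanguageID']);
							echo "<option value='" . $id . "'>" . $id;
						}
						?>
					</select>
			<tr>
				<td bgcolor='<?php echo $color1 ?>'><?php echo $langloginpassword ?>
				<td><input type = 'password' name = 'LoginPassword' maxlength = '16'>
			<tr>
				<td bgcolor='<?php echo $color1 ?>'><?php echo $langretypepassword ?>
				<td><input type = 'password' name = 'RepeatPassword' maxlength = '16'>
			<tr>
				<td bgcolor='<?php echo $color1 ?>'><?php echo $langenable ?>
				<td><select name = 'Enable'>
						<option value='0'><?php echo $langdisable ?>
						<option value='1'><?php echo $langenable ?>
					</select>
		</table>
		<br><input type = 'hidden' name = 'action' value = 'add'>
			<input type = 'submit' value = '<?php echo $langadd ?>'>

		</form>
		<?php
		break;

	case "add" :
		// The form hid itself from non-controllers but the handler accepted
		// anyone; enforce the same rule where the record is actually written.
		if (! $is_controller) {
			break;
		}

		$staff_id = isset($request['StaffID']) ? (string) $request['StaffID'] : '';
		if ($staff_id === '') {
			message_box($langstaffid . " " . $langcannotempty);
			?>
				<script>history.go(-1);</script>
			<?php
			exit;
		}
		// Stored upper-cased, so look for a duplicate the same way.
		$staff_id = strtoupper($staff_id);

		$message = '';

		// check duplicate staff ID
		$sql = "SELECT StaffID FROM staffmaster WHERE StaffID = '" . staffmaster_sql($staff_id) . "'";
		$sql_result = sql_execute($sql);
		if (mysql_num_rows($sql_result) != 0) {
			$message .= '<br>' . $langduplicateuser . '<br>';
		}

		// empty password, or password and re-typed password differ
		$password = isset($request['LoginPassword']) ? (string) $request['LoginPassword'] : '';
		$repeat = isset($request['RepeatPassword']) ? (string) $request['RepeatPassword'] : '';
		if ($password !== $repeat) {
			$message .= '<br>' . $langpasswordnotmatch . '<br>';
		}
		if ($password === '') {
			$message .= '<br>' . $langpasswordempty . '<br>';
		}

		// every enumerated column must hold a value the form offered
		list($values, $errors) = staffmaster_validate($request, array('StaffName', 'StaffGrade',
			'CompanyID', 'AccessLevel', 'DateStyle', 'LanguageID', 'Enable'));
		foreach ($errors as $error) {
			$message .= '<br>' . $error . '<br>';
		}

		if ($message !== '') {
			message_box($message);
			?>
				<script>history.go(-1)</script>
			<?php
			exit;
		}

		// create user profile.  password() is MySQL's legacy hash; presumably
		// the login page compares against it, so it cannot be replaced from
		// this file alone.
		$sql = "INSERT INTO staffmaster (StaffID, StaffName, StaffGrade, CompanyID, AccessLevel,
				DateStyle, LanguageID, LoginPassword, Enable) values (";
		$sql .= "'" . staffmaster_sql($staff_id) . "' ,";
		$sql .= "'" . staffmaster_sql($values['StaffName']) . "' ,";
		$sql .= "'" . staffmaster_sql($values['StaffGrade']) . "', ";
		$sql .= "'" . staffmaster_sql($values['CompanyID']) . "', ";
		$sql .= "'" . staffmaster_sql($values['AccessLevel']) . "', ";
		$sql .= "'" . staffmaster_sql($values['DateStyle']) . "' ,";
		$sql .= "'" . staffmaster_sql($values['LanguageID']) . "' ,";
		$sql .= "password('" . staffmaster_sql($password) . "'), ";
		$sql .= "'" . staffmaster_sql($values['Enable']) . "'";
		$sql .= ")";
		$sql_result = sql_execute($sql);

		echo "<br>$langstaffid $langadded<br>";
		title_bar($langstaffmaster, 1);
		break;

	case "modify_form" :
		if (! $is_controller) {
			// not timesheet controller: always his own record, whatever UserID
			// the request carried
			title_bar($langstaffmaster, 0, 0);
			$user_id = isset($_SESSION['UserID']) ? (string) $_SESSION['UserID'] : '';
		}
		else {
			// timesheet controller: any record, own record by default
			title_bar($langstaffmaster, 1);
			$user_id = isset($request['UserID']) ? (string) $request['UserID'] : '';
			if ($user_id === '') {
				$user_id = isset($_SESSION['UserID']) ? (string) $_SESSION['UserID'] : '';
			}
		}

		// Obtain values from table
		$sql = "SELECT * FROM staffmaster WHERE StaffID='" . staffmaster_sql($user_id) . "'";
		$sql_result = sql_execute($sql);
		$sql_data = mysql_fetch_array($sql_result);
		if (! $sql_data) {
			// unknown StaffID: nothing to edit
			break;
		}
		$readonly = $is_controller ? '' : ' readonly';
		$level = (string) $sql_data['AccessLevel'];

		?>
		<br><?php echo $langoperation . " - " . $langmodify ?><br>
		<form method = "POST" action="staffmaster.php">
		<table>
			<tr>
				<td bgcolor='<?php echo $color1 ?>'><?php echo $langstaffid ?>
				<td><input type = 'text' name = 'StaffID' maxlength = '10'
					value = '<?php echo staffmaster_html($sql_data['StaffID']) ?>' readonly>
			<tr>
				<td bgcolor='<?php echo $color1 ?>'><?php echo $langstaffname ?>
				<td><input type = 'text' name = 'StaffName' maxlength = '50'
					value = '<?php echo staffmaster_html($sql_data['StaffName']) ?>'<?php echo $readonly ?>>
			<tr>
				<td bgcolor='<?php echo $color1 ?>'><?php echo $langstaffgrade;

				if ($is_controller) {
					echo "<td><select name = 'StaffGrade'>";
					foreach ((array) get_charge_list('H') as $grade) {
						$id = staffmaster_html($grade['ChargeID']);
						echo "<option value='" . $id . "'";
						if ($sql_data['StaffGrade'] == $grade['ChargeID']) echo " SELECTED ";
						echo ">" . $id;
					}
					echo "</select>";
				}
				else {
					echo "<td><input type = 'text' name = 'StaffGrade'
						  value = '" . staffmaster_html($sql_data['StaffGrade']) . "' readonly>";
				}
				?>
			<tr>
				<td bgcolor='<?php echo $color1 ?>'><?php echo $langcompany;
				if ($is_controller) {
					echo "<td><select name = 'CompanyID'>";
					foreach ((array) get_company_list() as $company) {
						$id = staffmaster_html($company['CompanyID']);
						echo "<option value='" . $id . "'";
						if ($sql_data['CompanyID'] == $company['CompanyID']) echo " SELECTED ";
						echo ">" . $id . " - " . staffmaster_html($company['CompanyName']);
					}
					echo "</select>";
				}
				else {
					echo "<td><input type = 'text' name = 'CompanyID'
						  value = '" . staffmaster_html($sql_data['CompanyID']) . "' readonly>";
				}
				?>
			<tr>
				<td bgcolor='<?php echo $color1 ?>'><?php echo $langaccesslevel ;
				if ($is_controller) {
					echo "<td><select name = 'AccessLevel'>";
					foreach ($level_labels as $code => $label) {
						// array keys '1'..'3' come back as ints, hence the cast
						echo "<option value = '" . $code . "'"
							. ($level === (string) $code ? " selected" : "") . ">" . $label;
					}
					echo "</select>";
				}
				else {
					// display only: the modify handler ignores AccessLevel from a
					// non-controller, so no hidden field is sent back
					echo "<td>";
					if (isset($level_labels[$level])) echo $level_labels[$level];
				}
				?>
			<tr>
				<td bgcolor='<?php echo $color1 ?>'><?php echo $langdatestyle ?>
				<td><select name = 'DateStyle'>
						<?php
						foreach (array('DDMMYYYY', 'MMDDYYYY', 'YYYYMMDD') as $style) {
							echo "<option value = '" . $style . "'"
								. ($sql_data['DateStyle'] == $style ? " SELECTED " : "")
								. ">" . $style . "\n";
						}
						?>
					</select>
			<tr>
				<td bgcolor='<?php echo $color1 ?>'><?php echo $langlanguageid ?>
				<td><select name = 'LanguageID'>
						<?php
						foreach ((array) get_language_list() as $language) {
							$id = staffmaster_html($language['LanguageID']);
							echo "<option value='" . $id . "'";
							if ($sql_data['LanguageID'] == $language['LanguageID']) echo " SELECTED ";
							echo ">" . $id;
						}
						?>
					</select>
			<tr>
				<td bgcolor='<?php echo $color1 ?>'><?php echo $langloginpassword ?>
				<td><input type = 'password' name = 'LoginPassword' maxlength = '16'>
			<tr>
				<td bgcolor='<?php echo $color1 ?>'><?php echo $langretypepassword ?>
				<td><input type = 'password' name = 'RepeatPassword' maxlength = '16'>
			<tr>
				<td bgcolor='<?php echo $color1 ?>'><?php echo $langenable ?>
				<?php
				if ($is_controller) {
					$enabled = ((string) $sql_data['Enable'] !== '0');
					echo "\n<td><select name = 'Enable'>";
					echo "<option value='0'" . ($enabled ? "" : " SELECTED") . ">$langdisable";
					echo "<option value='1'" . ($enabled ? " SELECTED" : "") . ">$langenable";
					echo "</select>";
				}
				else {
					echo "\n<td><input type = 'text' name = 'Enable' value = '"
						. staffmaster_html($sql_data['Enable']) . "' readonly>";
				}
				?>
		</table>
		<br><input type = 'hidden' name = 'action' value = 'modify'>
			<input type = 'submit' value = '<?php echo $langmodify ?>'>
		</form>
		<?php
		break;

	case "modify" :
		$staff_id = isset($request['StaffID']) ? (string) $request['StaffID'] : '';
		$own_id = isset($_SESSION['UserID']) ? (string) $_SESSION['UserID'] : '';
		if (! $is_controller && $staff_id !== $own_id) {
			message_box("<br>$langstaffid $langmodifynotallow<br>");
			?>
			<script>self.close()</script>
			<?php
			exit;
		}

		$message = '';
		if ($staff_id === '') {
			$message .= '<br>' . $langstaffid . ' ' . $langcannotempty . '<br>';
		}

		// A non-controller may change only preferences and password.  The
		// other columns arrive from read-only form fields and are ignored here,
		// so a crafted request cannot raise AccessLevel or flip Enable.
		$fields = $is_controller
			? array('StaffName', 'StaffGrade', 'CompanyID', 'AccessLevel', 'DateStyle', 'LanguageID', 'Enable')
			: array('DateStyle', 'LanguageID');
		list($values, $errors) = staffmaster_validate($request, $fields);
		foreach ($errors as $error) {
			$message .= '<br>' . $error . '<br>';
		}

		// Blank password fields mean "keep the current password"; previously an
		// empty submission overwrote it with password('').
		$password = isset($request['LoginPassword']) ? (string) $request['LoginPassword'] : '';
		$repeat = isset($request['RepeatPassword']) ? (string) $request['RepeatPassword'] : '';
		if (($password !== '' || $repeat !== '') && $password !== $repeat) {
			$message .= '<br>' . $langpasswordnotmatch . '<br>';
		}

		if ($message !== '') {
			message_box($message);
			?>
				<script>history.go(-1)</script>
			<?php
			exit;
		}

		$set = array();
		foreach ($values as $column => $value) {
			$set[] = $column . " = '" . staffmaster_sql($value) . "'";
		}
		if ($password !== '') {
			// password(): MySQL's legacy hash, kept for compatibility with login
			$set[] = "LoginPassword = password('" . staffmaster_sql($password) . "')";
		}
		$sql = "UPDATE staffmaster SET " . implode(', ', $set)
			. " WHERE StaffID = '" . staffmaster_sql($staff_id) . "'";

		$sql_result = sql_execute($sql);
		echo "<br>$langstaffid $langmodified<br>";
		title_bar($langstaffmaster, 1);

		// close this window if user is not controller
		if (! $is_controller) {
			message_box("<br>$langstaffid $langmodified<br>");
			?>
			<script>self.close()</script>
			<?php
		}
		break;

	case "delete" :
		// Only a controller ever sees the delete link, but the URL is trivial
		// to type; enforce it where the row is removed.
		if (! $is_controller) {
			break;
		}
		$staff_id = isset($request['StaffID']) ? (string) $request['StaffID'] : '';

		// check existence of transactions belong to that staff
		$sql = "SELECT StaffID FROM billtransaction WHERE StaffID = '" . staffmaster_sql($staff_id) . "' LIMIT 1";
		$sql_result = sql_execute($sql);
		$sql_data = mysql_fetch_array($sql_result);
		if ($sql_data && $sql_data[0]) {
			$message = "<br>" . $langtransactionexist . "<br>" . $langcannotdelstaff . "<br>";
			message_box($message);
			?>
				<script>history.go(-1);</script>
			<?php
			exit;
		}

		$sql = "DELETE FROM staffmaster WHERE StaffID = '" . staffmaster_sql($staff_id) . "'";

		$sql_result = sql_execute($sql);
		echo "<br>$langstaffid $langdeleted<br>";
		title_bar($langstaffmaster, 1);
		break;

	case "count" :
		// same audience as "browse", which this redirects to
		if (! $is_controller) {
			break;
		}
		save_search_list();
		$url_text = retrieve_search_list();
		$sql = select_statement('staffmaster');
		$sql_result = sql_execute($sql);
		$sql_data = mysql_fetch_array($sql_result);
		$no_of_record = $sql_data ? (int) $sql_data[0] : 0;

		// $url_text is dropped into a JavaScript string literal.  Its format is
		// opaque here, so only the characters that could end that literal (or
		// the script element) are escaped.  The literal also has to stay on one
		// line: a raw newline inside a JS string is a syntax error.
		$url_js = str_replace(
			array("\\", "'", "\r", "\n", "</"),
			array("\\\\", "\\'", "", "", "<\\/"),
			(string) $url_text
		);
		?>
		<script>
		this.location = 'staffmaster.php?action=browse&total_record=<?php echo $no_of_record ?>&record_offset=0<?php echo $url_js ?>'
		</script>
		<?php
		break;

	case "browse" :
		// Non controller can only modify their own user profile
		if (! $is_controller) {
			break;
		}

		navigation_bar('STAFF MASTER',1);
		column_headings(array($langstaffid, $langstaffname, $langstaffgrade, $langcompany, $langaccesslevel,
			$langdatestyle, $langlanguageid, $langenablestatus));

		// List Staffs here.  Both LIMIT operands are integers, never raw text.
		$offset = isset($request['record_offset']) ? max(0, (int) $request['record_offset']) : 0;
		$per_page = isset($_SESSION['RecordPerPage']) ? max(0, (int) $_SESSION['RecordPerPage']) : 0;
		$sql = select_statement('staffmaster',1);
		$sql.= " ORDER BY StaffID LIMIT " . $offset . ", " . $per_page;
		$sql_result = sql_execute($sql);

		while ($sql_data = mysql_fetch_array($sql_result)) {
			$rowcolor = row_color_change();
			$staff_html = staffmaster_html($sql_data['StaffID']);
			// URL-encoded for the query string, then attribute-escaped
			$staff_url = staffmaster_html(urlencode((string) $sql_data['StaffID']));
			$level = (string) $sql_data['AccessLevel'];
			echo "\n<tr bgcolor='$rowcolor'>";
			echo "<td>";
			echo "<a href = 'staffmaster.php?action=modify_form&UserID=" . $staff_url;
			echo "'>" . $staff_html . "</a>";
			echo "<td>";
			echo staffmaster_html($sql_data['StaffName']);
			echo "<td>";
			echo staffmaster_html($sql_data['StaffGrade']);
			echo "<td>";
			echo staffmaster_html($sql_data['CompanyID']);
			echo "<td>";
			if (isset($level_labels[$level])) echo $level_labels[$level];
			echo "<td>";
			echo staffmaster_html($sql_data['DateStyle']);
			echo "<td>";
			echo staffmaster_html($sql_data['LanguageID']);
			echo "<td>";
			if ($sql_data['Enable'] == 1) echo $langyes;
			else echo $langno;
			echo "<td>";
			echo "<a href = 'staffmaster.php?action=delete&StaffID=" . $staff_url . "'>$langdelete</a>";
		}
		echo "</table>";
		break;

	default :
		title_bar($langstaffmaster, 1);
		$field = array(
			array('title'=>$langstaffid, 'field'=>'StaffID', 'length'=>10),
			array('title'=>$langcompanyid, 'field'=>'CompanyID', 'length'=>10),
		);
		// PHP_SELF can carry attacker-supplied PATH_INFO; if search_form()
		// echoes it as the form action that is a reflected-XSS vector, so pass
		// only the script name (the other forms on this page use the bare
		// filename too).
		search_form($field, basename($_SERVER['PHP_SELF']));
		break;
}

html_footer();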
?>